Projekt

Allgemein

Profil

« Zurück | Weiter » 

Revision 786c2117

Von aquamaniac vor mehr als 21 Jahren hinzugefügt

  • ID 786c211721b1fc902e86e121801d25bff020fe9f
  • Vorgänger 332969a6
  • Nachfolger cd2076d0

- more work on IPC. I think I now have found the best method ;-)

git-svn-id: https://devel.aqbanking.de/svn/gwenhywfar/trunk@96 70169cfe-8b10-0410-8925-dcb4b91034d8

Unterschiede anzeigen:

src/impl/ipc/ipcxmlsecctx.c
GWEN_CryptKey_free(d->sessionKey);
free(d->serviceCode);
free(d->securityId);
GWEN_KeyManager_free(d->keyManager);
GWEN_CryptKey_free(d->remoteSignKey);
GWEN_CryptKey_free(d->remoteCryptKey);
free(d);
}
}
......
int crypt){
GWEN_IPCXMLSECCTXDATA *scd;
GWEN_ERRORCODE err;
const GWEN_CRYPTKEY *key;
assert(sc);
scd=(GWEN_IPCXMLSECCTXDATA*)GWEN_SecContext_GetData(sc);
assert(scd);
key=GWEN_KeyManager_GetKey(scd->keyManager,
GWEN_HBCICryptoContext_GetKeySpec(ctx));
if (!key) {
DBG_ERROR(0, "Key not found");
return -1;
}
if (crypt) {
if (scd->remoteCryptKey==0) {
DBG_ERROR(0, "No remote crypt key");
return -1;
}
GWEN_HBCICryptoContext_SetKeySpec(ctx,
GWEN_CryptKey_GetKeySpec(scd->remoteCryptKey));
if (!(scd->sessionKey)) {
GWEN_BUFFER *kbuf;
GWEN_BUFFER *sbuf;
......
}
GWEN_Buffer_Rewind(kbuf);
i=GWEN_CryptKey_GetChunkSize(key)-16;
i=GWEN_CryptKey_GetChunkSize(scd->remoteCryptKey)-16;
DBG_INFO(0, "Padding with %d bytes", i);
while(i-->0) {
if (GWEN_Buffer_InsertByte(kbuf, (char)0)) {
......
sbuf=GWEN_Buffer_new(0, 256, 0, 1);
DBG_INFO(0, "Encrypting key");
err=GWEN_CryptKey_Encrypt(key,
err=GWEN_CryptKey_Encrypt(scd->remoteCryptKey,
kbuf,
sbuf);
if (!GWEN_Error_IsOk(err)) {
......
} /* if no session key */
}
else {
if (scd->localSignKey==0) {
DBG_ERROR(0, "No local sign key");
return -1;
}
GWEN_HBCICryptoContext_SetKeySpec(ctx,
GWEN_CryptKey_GetKeySpec(scd->localSignKey));
/* sign */
GWEN_HBCICryptoContext_SetSequenceNum(ctx,
GWEN_SecContext_GetLocalSignSeq(sc));
GWEN_IPCXMLSecCtx_GetLocalSignSeq(sc));
}
GWEN_HBCICryptoContext_SetMode(ctx, "RDH");
......
GWEN_MD *md;
GWEN_BUFFER *hashbuf;
GWEN_ERRORCODE err;
const GWEN_CRYPTKEY *signKey;
assert(sc);
scd=(GWEN_IPCXMLSECCTXDATA*)GWEN_SecContext_GetData(sc);
assert(scd);
if (scd->localSignKey==0) {
DBG_ERROR(0, "No local sign key");
return -1;
}
/* hash data */
DBG_INFO(0, "Hash data");
md=GWEN_MD_Factory("RMD160");
......
/* sign hash */
GWEN_Buffer_Rewind(hashbuf);
signKey=GWEN_KeyManager_GetKey(scd->keyManager,
GWEN_HBCICryptoContext_GetKeySpec(ctx));
err=GWEN_CryptKey_Sign(signKey,
err=GWEN_CryptKey_Sign(scd->localSignKey,
hashbuf,
signbuf);
if (!GWEN_Error_IsOk(err)) {
......
}
/* increment signature counter */
GWEN_SecContext_NextLocalSignSeq(sc);
scd->localSignSeq++;
GWEN_Buffer_free(hashbuf);
DBG_INFO(0, "Signing done");
......
GWEN_BUFFER *hashbuf;
GWEN_ERRORCODE err;
unsigned int rseq;
const GWEN_CRYPTKEY *signKey;
assert(sc);
scd=(GWEN_IPCXMLSECCTXDATA*)GWEN_SecContext_GetData(sc);
assert(scd);
signKey=GWEN_KeyManager_GetKey(scd->keyManager,
GWEN_HBCICryptoContext_GetKeySpec(ctx));
if (!signKey) {
DBG_ERROR(0, "Key not found");
if (scd->remoteSignKey==0) {
DBG_ERROR(0, "No remote sign key");
return -1;
}
/* check signature sequence number */
rseq=GWEN_HBCICryptoContext_GetSequenceNum(ctx);
if (rseq<=GWEN_SecContext_GetRemoteSignSeq(sc)) {
if (rseq<=GWEN_IPCXMLSecCtx_GetRemoteSignSeq(sc)) {
DBG_ERROR(0, "bad signature sequence number (%d<%d)",
rseq, GWEN_SecContext_GetRemoteSignSeq(sc));
rseq, GWEN_IPCXMLSecCtx_GetRemoteSignSeq(sc));
//return -1; /* comment this out for debugging purposes */
}
GWEN_SecContext_SetRemoteSignSeq(sc, rseq);
GWEN_IPCXMLSecCtx_SetRemoteSignSeq(sc, rseq);
/* hash data */
md=GWEN_MD_Factory("RMD160");
......
}
/* verify hash */
err=GWEN_CryptKey_Verify(signKey,
err=GWEN_CryptKey_Verify(scd->remoteSignKey,
hashbuf,
signbuf);
if (!GWEN_Error_IsOk(err)) {
......
GWEN_BUFFER *kbuf;
GWEN_BUFFER *sbuf;
GWEN_CRYPTKEY *key;
const GWEN_CRYPTKEY *cryptKey;
char *km;
DBG_NOTICE(0, "Storing new session key");
......
}
kbuf=GWEN_Buffer_new(0, 256, 0, 1);
GWEN_Buffer_Rewind(sbuf);
cryptKey=GWEN_KeyManager_GetKey(scd->keyManager,
GWEN_HBCICryptoContext_GetKeySpec(ctx));
if (!cryptKey) {
DBG_ERROR(0, "Key not found");
if (scd->localCryptKey==0) {
DBG_ERROR(0, "No local crypt key");
return -1;
}
err=GWEN_CryptKey_Decrypt(cryptKey,
err=GWEN_CryptKey_Decrypt(scd->localCryptKey,
sbuf,
kbuf);
if (!GWEN_Error_IsOk(err)) {
......
scd=(GWEN_IPCXMLSECCTXDATA*)GWEN_SecContext_GetData(sc);
assert(scd);
DBG_ERROR(0, "Freeing SecCtx-Data");
GWEN_IPCXMLSecCtxData_free(scd);
}
......
GWEN_CryptKey_free(scd->sessionKey);
scd->sessionKey=0;
free(scd->securityId);
scd->securityId=0;
}
......
const char *GWEN_IPCXMLSecCtx_GetSecurityId(GWEN_SECCTX *sc){
GWEN_IPCXMLSECCTXDATA *scd;
assert(sc);
scd=(GWEN_IPCXMLSECCTXDATA*)GWEN_SecContext_GetData(sc);
assert(scd);
return scd->securityId;
}
void GWEN_IPCXMLSecCtx_SetSecurityId(GWEN_SECCTX *sc,
const char *s){
GWEN_IPCXMLSECCTXDATA *scd;
assert(sc);
assert(s);
scd=(GWEN_IPCXMLSECCTXDATA*)GWEN_SecContext_GetData(sc);
assert(scd);
free(scd->securityId);
scd->securityId=strdup(s);
}
unsigned int GWEN_IPCXMLSecCtx_GetLocalSignSeq(GWEN_SECCTX *sc) {
GWEN_IPCXMLSECCTXDATA *scd;
assert(sc);
scd=(GWEN_IPCXMLSECCTXDATA*)GWEN_SecContext_GetData(sc);
assert(scd);
return scd->localSignSeq;
}
void GWEN_IPCXMLSecCtx_SetLocalSignSeq(GWEN_SECCTX *sc,
unsigned int i) {
GWEN_IPCXMLSECCTXDATA *scd;
assert(sc);
scd=(GWEN_IPCXMLSECCTXDATA*)GWEN_SecContext_GetData(sc);
assert(scd);
scd->localSignSeq=i;
}
unsigned int GWEN_IPCXMLSecCtx_GetRemoteSignSeq(GWEN_SECCTX *sc) {
GWEN_IPCXMLSECCTXDATA *scd;
assert(sc);
scd=(GWEN_IPCXMLSECCTXDATA*)GWEN_SecContext_GetData(sc);
assert(scd);
return scd->remoteSignSeq;
}
void GWEN_IPCXMLSecCtx_SetRemoteSignSeq(GWEN_SECCTX *sc,
unsigned int i) {
GWEN_IPCXMLSECCTXDATA *scd;
assert(sc);
scd=(GWEN_IPCXMLSECCTXDATA*)GWEN_SecContext_GetData(sc);
assert(scd);
scd->remoteSignSeq=i;
}
GWEN_SECCTX *GWEN_IPCXMLSecCtx_new(const char *localName,
const char *remoteName){
GWEN_SECCTX *sc;
......
sc=GWEN_SecContext_new(localName, remoteName);
scd=GWEN_IPCXMLSecCtxData_new();
scd->keyManager=GWEN_IPCXMLKeyManager_new();
scd->localSignSeq=1;
scd->remoteSignSeq=0;
GWEN_SecContext_SetPrepareCtxFn(sc, GWEN_IPCXMLSecCtx_PrepareCTX);
GWEN_SecContext_SetSignFn(sc, GWEN_IPCXMLSecCtx_Sign);
GWEN_SecContext_SetVerifyFn(sc, GWEN_IPCXMLSecCtx_Verify);
GWEN_SecContext_SetEncryptFn(sc, GWEN_IPCXMLSecCtx_Encrypt);
GWEN_SecContext_SetDecrpytFn(sc, GWEN_IPCXMLSecCtx_Decrypt);
GWEN_SecContext_SetFreeDataFn(sc, GWEN_IPCXMLSecCtx_FreeData);
GWEN_SecContext_SetFromDbFn(sc, GWEN_IPCXMLSecCtx_FromDB);
GWEN_SecContext_SetToDbFn(sc, GWEN_IPCXMLSecCtx_ToDB);
GWEN_SecContext_SetData(sc, scd);
......
}
int GWEN_IPCXMLSecCtx_AddKey(GWEN_SECCTX *sc,
const GWEN_CRYPTKEY *k){
int GWEN_IPCXMLSecCtx_FromDB(GWEN_SECCTX *sc,
GWEN_DB_NODE *db){
const char *p;
GWEN_DB_NODE *gr;
GWEN_IPCXMLSECCTXDATA *scd;
assert(sc);
assert(k);
scd=GWEN_IPCXMLSecCtxData_new();
assert(scd);
scd->localSignSeq=GWEN_DB_GetIntValue(db, "localsignseq", 0, 0);
scd->remoteSignSeq=GWEN_DB_GetIntValue(db, "remotesignseq", 0, 0);
p=GWEN_DB_GetCharValue(db, "serviceCode", 0, 0);
if (p)
GWEN_IPCXMLSecCtx_SetServiceCode(sc, p);
p=GWEN_DB_GetCharValue(db, "securityId", 0, 0);
if (p)
GWEN_IPCXMLSecCtx_SetSecurityId(sc, p);
/* read the keys */
gr=GWEN_DB_GetGroup(db,
GWEN_DB_FLAGS_DEFAULT |
GWEN_PATH_FLAGS_NAMEMUSTEXIST,
"remotesignkey");
if (gr) {
GWEN_CryptKey_free(scd->remoteSignKey);
scd->remoteSignKey=GWEN_CryptKey_FromDb(gr);
if (scd->remoteSignKey==0) {
DBG_ERROR(0, "Could not read key");
return 0;
}
} /* if "remotesignkey" group */
gr=GWEN_DB_GetGroup(db,
GWEN_DB_FLAGS_DEFAULT |
GWEN_PATH_FLAGS_NAMEMUSTEXIST,
"remotecryptkey");
if (gr) {
GWEN_CryptKey_free(scd->remoteCryptKey);
scd->remoteCryptKey=GWEN_CryptKey_FromDb(gr);
if (scd->remoteCryptKey==0) {
DBG_ERROR(0, "Could not read key");
return 0;
}
} /* if "remotecryptkey" group */
GWEN_SecContext_SetData(sc, scd);
return 0;
}
int GWEN_IPCXMLSecCtx_ToDB(GWEN_SECCTX *sc,
GWEN_DB_NODE *db){
GWEN_IPCXMLSECCTXDATA *scd;
GWEN_DB_NODE *gr;
GWEN_ERRORCODE err;
assert(sc);
scd=(GWEN_IPCXMLSECCTXDATA*)GWEN_SecContext_GetData(sc);
assert(scd);
assert(scd->keyManager);
if (GWEN_KeyManager_AddKey(scd->keyManager, k)) {
DBG_INFO(0, "here");
return -1;
GWEN_DB_SetIntValue(db,
GWEN_DB_FLAGS_DEFAULT |
GWEN_DB_FLAGS_OVERWRITE_VARS,
"localsignseq",
scd->localSignSeq);
GWEN_DB_SetIntValue(db,
GWEN_DB_FLAGS_DEFAULT |
GWEN_DB_FLAGS_OVERWRITE_VARS,
"remotesignseq",
scd->remoteSignSeq);
if (scd->remoteSignKey) {
gr=GWEN_DB_GetGroup(db,
GWEN_DB_FLAGS_DEFAULT |
GWEN_PATH_FLAGS_CREATE_GROUP,
"remotesignkey");
assert(gr);
err=GWEN_CryptKey_ToDb(scd->remoteSignKey, gr, 1);
if (!GWEN_Error_IsOk(err)) {
DBG_INFO_ERR(0, err);
return -1;
}
}
if (scd->remoteCryptKey) {
gr=GWEN_DB_GetGroup(db,
GWEN_DB_FLAGS_DEFAULT |
GWEN_PATH_FLAGS_CREATE_GROUP,
"remotecryptkey");
assert(gr);
err=GWEN_CryptKey_ToDb(scd->remoteCryptKey, gr, 1);
if (!GWEN_Error_IsOk(err)) {
DBG_INFO_ERR(0, err);
return -1;
}
}
return 0;
}
void GWEN_IPCXMLSecCtx_SetLocalSignKey(GWEN_SECCTX *sc,
const GWEN_CRYPTKEY *key){
GWEN_IPCXMLSECCTXDATA *scd;
assert(sc);
scd=(GWEN_IPCXMLSECCTXDATA*)GWEN_SecContext_GetData(sc);
assert(scd);
scd->localSignKey=key;
}
void GWEN_IPCXMLSecCtx_SetLocalCryptKey(GWEN_SECCTX *sc,
const GWEN_CRYPTKEY *key){
GWEN_IPCXMLSECCTXDATA *scd;
assert(sc);
scd=(GWEN_IPCXMLSECCTXDATA*)GWEN_SecContext_GetData(sc);
assert(scd);
scd->localCryptKey=key;
}
void GWEN_IPCXMLSecCtx_SetRemoteSignKey(GWEN_SECCTX *sc,
GWEN_CRYPTKEY *key){
GWEN_IPCXMLSECCTXDATA *scd;
assert(sc);
scd=(GWEN_IPCXMLSECCTXDATA*)GWEN_SecContext_GetData(sc);
assert(scd);
GWEN_CryptKey_free(scd->remoteSignKey);
scd->remoteSignKey=key;
}
void GWEN_IPCXMLSecCtx_SetRemoteCryptKey(GWEN_SECCTX *sc,
GWEN_CRYPTKEY *key){
GWEN_IPCXMLSECCTXDATA *scd;
assert(sc);
scd=(GWEN_IPCXMLSECCTXDATA*)GWEN_SecContext_GetData(sc);
assert(scd);
GWEN_CryptKey_free(scd->remoteCryptKey);
scd->remoteCryptKey=key;
}

Auch abrufbar als: Unified diff